Bug 717338 - pem module may attempt to free an uninitialized pointer
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: nss
rawhide
x86_64 Unspecified
unspecified Severity high
Assigned To: Elio Maldonado Batiz
Fedora Extras Quality Assurance
Blocks: 805232 847462
Reported: 2011-06-28 11:23 EDT by Nalin Dahyabhai
Modified: 2012-08-11 13:18 EDT

Doc Type: Bug Fix
: 805232
Last Closed: 2012-03-20 16:36:56 EDT


Attachments
minimal attempt at a reproducer (2.18 KB, text/plain)
2011-06-28 11:24 EDT, Nalin Dahyabhai
patch for NSS which fixes my application (552 bytes, patch)
2011-06-28 11:59 EDT, Nalin Dahyabhai

Description Nalin Dahyabhai 2011-06-28 11:23:32 EDT
Description of problem:
When my application attempts to load a private key file, it crashes in pem_CreateObject().

Version-Release number of selected component (if applicable):
nss-3.12.10-4.fc16.x86_64

How reproducible:
Always

Steps to Reproduce:
1. SECMOD_LoadUserModule(libnsspem.so)
2. PK11_CreateGenericObject(CKA_CLASS=CKO_PRIVATE_KEY,CKA_TOKEN=CK_TRUE)
  
Actual results:
pem_CreateObject() passes an uninitialized certDER.data to nss_ZFreeIf()

Additional info:
When I cut it down to the bare minimum to try to create a simpler reproducer, I don't get a crash any more, but valgrind at least still flags the errors.
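
The failure mode reported above, as an added C example that is not part of the bug report or of NSS: a shared cleanup path frees a buffer descriptor's data pointer that was never initialised on the private-key path. The types, function names and control flow are constructed for illustration (the real pem_CreateObject() source and the attached patch are not shown on this page), and a 0xA5 fill stands in for leftover stack contents so the run is deterministic.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an NSS SECItem-style buffer descriptor. */
typedef struct { unsigned char *data; size_t len; } item_t;

static void *live[8];          /* pointers handed out by track_alloc() */
static int invalid_frees;      /* frees of pointers we never allocated */

static void *track_alloc(size_t n) {
    void *p = calloc(1, n);
    for (int i = 0; p && i < 8; i++)
        if (!live[i]) { live[i] = p; break; }
    return p;
}

/* Free-if-non-NULL helper, modelled on the role nss_ZFreeIf() plays in the
 * report; it records (instead of performing) a free of an unknown pointer. */
static void track_free_if(void *p) {
    if (!p) return;
    for (int i = 0; i < 8; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    invalid_frees++;
}

/* Constructed object-creation routine: only the certificate path fills
 * cert_der; the private-key path goes straight to the shared cleanup.
 * zero_init selects the hardened variant. Returns the number of invalid
 * frees this call caused. */
static int create_object(int is_private_key, int zero_init) {
    item_t cert_der;
    int before = invalid_frees;
    /* 0xA5 fill deterministically simulates leftover stack contents. */
    memset(&cert_der, zero_init ? 0 : 0xA5, sizeof cert_der);
    if (!is_private_key) {
        cert_der.len = 16;
        cert_der.data = track_alloc(cert_der.len);
    }
    track_free_if(cert_der.data);   /* shared cleanup on every path */
    return invalid_frees - before;
}

int main(void) {
    /* exit status 0 when the unhardened key path misfrees and the hardened one does not */
    return !(create_object(1, 0) == 1 && create_object(1, 1) == 0);
}
```

Because a non-NULL garbage pointer passes the free-if-non-NULL check, the helper gives no protection unless the descriptor is zeroed before the first branch that can reach cleanup.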
Comment 1 Nalin Dahyabhai 2011-06-28 11:24:30 EDT
Created attachment 510308
minimal attempt at a reproducer
Comment 2 Nalin Dahyabhai 2011-06-28 11:59:56 EDT
Created attachment 510313
patch for NSS which fixes my application
Comment 3 Elio Maldonado Batiz 2011-09-12 12:09:05 EDT
Nalin, I'm picking up your patch. It will be applied with others I have in the queue. Thanks.
Comment 4 Kai Engert (:kaie) 2012-03-20 16:36:56 EDT
I see the fix is already in rawhide, closing.
